diff --git a/.config/mise.lock b/.config/mise.lock deleted file mode 100644 index f4cbfd45..00000000 --- a/.config/mise.lock +++ /dev/null @@ -1,87 +0,0 @@ -[[tools.dotnet]] -version = "8.0.414" -backend = "asdf:dotnet" - -[[tools."github:pulumi/pulumictl"]] -version = "0.0.50" -backend = "github:pulumi/pulumictl" - -[tools."github:pulumi/pulumictl".platforms.linux-x64] -checksum = "sha256:a988418240d3a985bdcb9753b7c65ba4b06608deb359dc2942cb8c9374abc164" -name = "pulumictl-v0.0.50-linux-amd64.tar.gz" -size = 27744219 -url = "https://github.com/pulumi/pulumictl/releases/download/v0.0.50/pulumictl-v0.0.50-linux-amd64.tar.gz" -url_api = "https://api.github.com/repos/pulumi/pulumictl/releases/assets/278054496" - -[[tools."github:pulumi/schema-tools"]] -version = "0.6.0" -backend = "github:pulumi/schema-tools" - -[tools."github:pulumi/schema-tools".platforms.linux-x64] -checksum = "blake3:82dfe616fee18b4258f6e3d2dc3c4e9f14afd43a0a4cc33eff2d2a04088d6ca3" -name = "schema-tools-v0.6.0-linux-amd64.tar.gz" -size = 14282746 -url = "https://github.com/pulumi/schema-tools/releases/download/v0.6.0/schema-tools-v0.6.0-linux-amd64.tar.gz" -url_api = "https://api.github.com/repos/pulumi/schema-tools/releases/assets/118725905" - -[[tools.go]] -version = "1.24.10" -backend = "core:go" - -[tools.go.platforms.macos-arm64] -checksum = "sha256:71c70841bcdadf4b5d2f7c0f099952907969f25235663622a47d6f2233ad39aa" -size = 76432098 -url = "https://dl.google.com/go/go1.24.10.darwin-arm64.tar.gz" - -[[tools.golangci-lint]] -version = "1.64.8" -backend = "aqua:golangci/golangci-lint" - -[tools.golangci-lint.platforms.linux-x64] -checksum = "sha256:b6270687afb143d019f387c791cd2a6f1cb383be9b3124d241ca11bd3ce2e54e" -size = 12364828 -url = "https://github.com/golangci/golangci-lint/releases/download/v1.64.8/golangci-lint-1.64.8-linux-amd64.tar.gz" - -[[tools.gradle]] -version = "7.6.6" -backend = "aqua:gradle/gradle" - -[tools.gradle.platforms.linux-x64] -checksum = "sha256:673d9776f303bc7048fc3329d232d6ebf1051b07893bd9d11616fad9a8673be0" -size = 128439774 -url = "https://github.com/gradle/gradle-distributions/releases/download/v7.6.6/gradle-7.6.6-bin.zip" - -[[tools.java]] -version = "corretto-11.0.29.7.1" -backend = "core:java" - -[tools.java.platforms.linux-x64] -checksum = "sha256:279c6d3124f8b0251b16297b16687fe8b3946410b05ed27de1259b5e5cea02ba" -size = 195379320 -url = "https://corretto.aws/downloads/resources/11.0.29.7.1/amazon-corretto-11.0.29.7.1-linux-x64.tar.gz" - -[[tools.node]] -version = "20.19.5" -backend = "core:node" - -[tools.node.platforms.linux-x64] -checksum = "sha256:4eba5fbe1fb10753bc06e42f001a91c5cec16798b7764a3e9257adc59af47fe1" -size = 47041607 -url = "https://nodejs.org/dist/v20.19.5/node-v20.19.5-linux-x64.tar.gz" - -[[tools."npm:yarn"]] -version = "1.22.22" -backend = "npm:yarn" - -[[tools.pulumi]] -version = "3.206.0" -backend = "aqua:pulumi/pulumi" - -[tools.pulumi.platforms.macos-arm64] -checksum = "sha256:bd0db01d82d9092c9408d2ebe8862cf37c75b00bc2d205757d02f7e4a1813f7a" -size = 86039751 -url = "https://github.com/pulumi/pulumi/releases/download/v3.206.0/pulumi-v3.206.0-darwin-arm64.tar.gz" - -[[tools.python]] -version = "3.11.8" -backend = "core:python" diff --git a/.config/mise.toml b/.config/mise.toml index f52e9c42..f7dcbda1 100644 --- a/.config/mise.toml +++ b/.config/mise.toml @@ -18,12 +18,12 @@ java = 'corretto-11' # Executable tools pulumi = "{{ get_env(name='PULUMI_VERSION_MISE', default='latest') }}" -"github:pulumi/pulumictl" = 'latest' -"github:pulumi/schema-tools" = "latest" -gradle = '7.6' +"github:pulumi/pulumictl" = '0.0.50' +"github:pulumi/schema-tools" = "0.6.0" +"aqua:gradle/gradle-distributions" = '7.6.6' golangci-lint = "1.64.8" # See note about about overrides if you need to customize this. "npm:yarn" = "1.22.22" [settings] experimental = true # Required for Go binaries (e.g. pulumictl). -lockfile = true +lockfile = false diff --git a/.github/actions/setup-tools/action.yml b/.github/actions/setup-tools/action.yml index ffb73efc..897b5fa4 100644 --- a/.github/actions/setup-tools/action.yml +++ b/.github/actions/setup-tools/action.yml @@ -5,22 +5,25 @@ inputs: cache: description: Enable caching required: false - default: 'false' + default: "false" + github_token: + description: GitHub token + required: true runs: using: "composite" steps: - name: Setup mise - uses: jdx/mise-action@be3be2260bc02bc3fbf94c5e2fed8b7964baf074 # v3 + uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3 + env: + MISE_FETCH_REMOTE_VERSIONS_TIMEOUT: 30s with: - # Latest working version. See https://github.com/jdx/mise/discussions/6781 - version: 2025.10.16 - github_token: ${{ github.token }} - cache_key: "mise-{{platform}}-{{file_hash}}" + version: 2025.11.6 cache_save: ${{ inputs.cache }} + github_token: ${{ inputs.github_token }} - name: Setup Go Cache - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 with: cache: ${{ inputs.cache }} cache-dependency-path: | @@ -31,7 +34,7 @@ runs: *.sum - name: Setup Node - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6 + uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 with: # we don't set node-version because we install with mise. # this step is needed to setup npm auth diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 9ed112b1..9b72b67a 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -16,7 +16,9 @@ on: workflow_dispatch: {} env: PROVIDER: kubernetes-cert-manager + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget TRAVIS_OS_NAME: linux + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. GOVERSION: "1.21.x" NODEVERSION: "20.x" PYTHONVERSION: "3.11.8" @@ -38,7 +40,7 @@ jobs: pull-requests: write # For schema check comment. steps: - name: Checkout Repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: lfs: true - env: @@ -61,6 +63,7 @@ jobs: uses: ./.github/actions/setup-tools with: cache: 'true' + github_token: ${{ secrets.GITHUB_TOKEN }} - if: github.event_name == 'pull_request' name: Install Schema Tools uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0 @@ -112,10 +115,6 @@ jobs: sdk/nodejs/package.json sdk/python/pyproject.toml sdk/java/build.gradle - **/mise.lock - **/.config/mise.lock - **/mise.*.lock - **/.config/mise.*.lock - name: Commit SDK changes for Renovate if: failure() && steps.worktreeClean.outcome == 'failure' && contains(github.actor, 'renovate') && github.event_name == @@ -209,7 +208,7 @@ jobs: id-token: write # For ESC secrets. steps: - name: Checkout Repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: lfs: true - env: @@ -230,6 +229,8 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Setup Tools uses: ./.github/actions/setup-tools + with: + github_token: ${{ secrets.GITHUB_TOKEN }} - name: Download Provider Binary uses: ./.github/actions/download-provider - name: Generate SDK @@ -248,10 +249,6 @@ jobs: sdk/nodejs/package.json sdk/python/pyproject.toml sdk/java/build.gradle - **/mise.lock - **/.config/mise.lock - **/mise.*.lock - **/.config/mise.*.lock - name: Commit SDK changes for Renovate if: failure() && steps.worktreeClean.outcome == 'failure' && contains(github.actor, 'renovate') && github.event_name == @@ -328,7 +325,7 @@ jobs: id-token: write # For ESC secrets. steps: - name: Checkout Repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: lfs: true - env: @@ -373,7 +370,7 @@ jobs: id-token: write # For ESC secrets and Pulumi access token OIDC. steps: - name: Checkout Repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: lfs: true - env: @@ -394,6 +391,8 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Setup Tools uses: ./.github/actions/setup-tools + with: + github_token: ${{ secrets.GITHUB_TOKEN }} - name: Download Provider Binary uses: ./.github/actions/download-provider - name: Download SDK @@ -448,7 +447,7 @@ jobs: id-token: write # For ESC secrets. steps: - name: Checkout Repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: lfs: true - env: @@ -469,6 +468,8 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Setup Tools uses: ./.github/actions/setup-tools + with: + github_token: ${{ secrets.GITHUB_TOKEN }} - name: Clear GitHub Actions Ubuntu runner disk space uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1 with: @@ -479,7 +480,7 @@ jobs: swap-storage: true large-packages: false - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 + uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1 with: aws-access-key-id: ${{ steps.esc-secrets.outputs.AWS_ACCESS_KEY_ID }} aws-region: us-east-2 @@ -519,7 +520,7 @@ jobs: id-token: write # For ESC secrets. steps: - name: Checkout Repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: lfs: true - env: @@ -539,13 +540,15 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Checkout Scripts Repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: path: ci-scripts repository: pulumi/scripts - run: echo "ci-scripts" >> .git/info/exclude - name: Setup Tools uses: ./.github/actions/setup-tools + with: + github_token: ${{ secrets.GITHUB_TOKEN }} - name: Download python SDK uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 with: @@ -598,13 +601,15 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: lfs: true persist-credentials: false ref: ${{ env.PR_COMMIT_SHA }} - name: Setup Tools uses: ./.github/actions/setup-tools + with: + github_token: ${{ secrets.GITHUB_TOKEN }} - name: Disarm go:embed directives to enable linters that compile source code run: git grep -l 'go:embed' -- provider | xargs --no-run-if-empty sed -i 's/go:embed/ goembed/g' diff --git a/.github/workflows/command-dispatch.yml b/.github/workflows/command-dispatch.yml index b6375b55..aaf743f9 100644 --- a/.github/workflows/command-dispatch.yml +++ b/.github/workflows/command-dispatch.yml @@ -6,6 +6,7 @@ env: GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci GOOGLE_PROJECT_NUMBER: "637339343727" + PULUMI_PULUMI_ENABLE_JOURNALING: "true" PULUMI_TEST_OWNER: moolumi jobs: @@ -17,7 +18,7 @@ jobs: id-token: write # For ESC secrets. steps: - name: Checkout Repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - env: @@ -29,7 +30,7 @@ jobs: id: esc-secrets name: Fetch secrets from ESC uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - - uses: peter-evans/slash-command-dispatch@13bc09769d122a64f75aa5037256f6f2d78be8c4 # v4 + - uses: peter-evans/slash-command-dispatch@5c11dc7efead556e3bdabf664302212f79eb26fa # v5 with: commands: | run-acceptance-tests diff --git a/.github/workflows/community-moderation.yml b/.github/workflows/community-moderation.yml index 1989abf8..ad20184a 100644 --- a/.github/workflows/community-moderation.yml +++ b/.github/workflows/community-moderation.yml @@ -6,7 +6,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - id: schema_changed diff --git a/.github/workflows/export-repo-secrets.yml b/.github/workflows/export-repo-secrets.yml index 00397097..93f70f24 100644 --- a/.github/workflows/export-repo-secrets.yml +++ b/.github/workflows/export-repo-secrets.yml @@ -8,7 +8,7 @@ jobs: steps: - name: Generate a GitHub token id: generate-token - uses: actions/create-github-app-token@v1 + uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2 with: app-id: 1256780 # Export Secrets GitHub App private-key: ${{ secrets.EXPORT_SECRETS_PRIVATE_KEY }} diff --git a/.github/workflows/prerelease.yml b/.github/workflows/prerelease.yml index b5872a32..84b7df5b 100644 --- a/.github/workflows/prerelease.yml +++ b/.github/workflows/prerelease.yml @@ -7,7 +7,9 @@ on: - v*.*.*-** env: PROVIDER: kubernetes-cert-manager + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget TRAVIS_OS_NAME: linux + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. GOVERSION: "1.21.x" NODEVERSION: "20.x" PYTHONVERSION: "3.11.8" @@ -27,7 +29,7 @@ jobs: name: prerequisites steps: - name: Checkout Repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: lfs: true - env: @@ -50,6 +52,7 @@ jobs: uses: ./.github/actions/setup-tools with: cache: 'true' + github_token: ${{ secrets.GITHUB_TOKEN }} - if: github.event_name == 'pull_request' name: Install Schema Tools uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0 @@ -101,10 +104,6 @@ jobs: sdk/nodejs/package.json sdk/python/pyproject.toml sdk/java/build.gradle - **/mise.lock - **/.config/mise.lock - **/mise.*.lock - **/.config/mise.*.lock - name: Commit SDK changes for Renovate if: failure() && steps.worktreeClean.outcome == 'failure' && contains(github.actor, 'renovate') && github.event_name == @@ -198,7 +197,7 @@ jobs: id-token: write # For ESC secrets. steps: - name: Checkout Repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: lfs: true - env: @@ -219,6 +218,8 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Setup Tools uses: ./.github/actions/setup-tools + with: + github_token: ${{ secrets.GITHUB_TOKEN }} - name: Download Provider Binary uses: ./.github/actions/download-provider - name: Generate SDK @@ -237,10 +238,6 @@ jobs: sdk/nodejs/package.json sdk/python/pyproject.toml sdk/java/build.gradle - **/mise.lock - **/.config/mise.lock - **/mise.*.lock - **/.config/mise.*.lock - name: Commit ${{ matrix.language }} SDK changes for Renovate if: failure() && steps.worktreeClean.outcome == 'failure' && contains(github.actor, 'renovate') && github.event_name == @@ -326,7 +323,7 @@ jobs: id-token: write # For ESC secrets and Pulumi access token OIDC. steps: - name: Checkout Repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: lfs: true - env: @@ -347,6 +344,8 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Setup Tools uses: ./.github/actions/setup-tools + with: + github_token: ${{ secrets.GITHUB_TOKEN }} - name: Download Provider Binary uses: ./.github/actions/download-provider - name: Download SDK @@ -401,7 +400,7 @@ jobs: id-token: write # For ESC secrets. steps: - name: Checkout Repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: lfs: true - env: @@ -422,6 +421,8 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Setup Tools uses: ./.github/actions/setup-tools + with: + github_token: ${{ secrets.GITHUB_TOKEN }} - name: Clear GitHub Actions Ubuntu runner disk space uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1 with: @@ -432,7 +433,7 @@ jobs: swap-storage: true large-packages: false - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 + uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1 with: aws-access-key-id: ${{ steps.esc-secrets.outputs.AWS_ACCESS_KEY_ID }} aws-region: us-east-2 @@ -472,7 +473,7 @@ jobs: id-token: write # For ESC secrets. steps: - name: Checkout Repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: lfs: true - env: @@ -492,13 +493,15 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Checkout Scripts Repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: path: ci-scripts repository: pulumi/scripts - run: echo "ci-scripts" >> .git/info/exclude - name: Setup Tools uses: ./.github/actions/setup-tools + with: + github_token: ${{ secrets.GITHUB_TOKEN }} - name: Download python SDK uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 with: @@ -552,7 +555,7 @@ jobs: id-token: write # For ESC secrets. steps: - name: Checkout Repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: lfs: true - env: @@ -573,6 +576,8 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Setup Tools uses: ./.github/actions/setup-tools + with: + github_token: ${{ secrets.GITHUB_TOKEN }} - name: Download java SDK uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 with: @@ -600,7 +605,7 @@ jobs: needs: publish_sdk steps: - name: Checkout Repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: lfs: true - id: version diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index aead29c0..f9356033 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -10,7 +10,7 @@ jobs: name: comment-on-pr steps: - name: Checkout Repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: lfs: true - name: Comment PR diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d0bab79e..50dc554f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -8,7 +8,9 @@ on: - "!v*.*.*-**" env: PROVIDER: kubernetes-cert-manager + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget TRAVIS_OS_NAME: linux + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. GOVERSION: "1.21.x" NODEVERSION: "20.x" PYTHONVERSION: "3.11.8" @@ -30,7 +32,7 @@ jobs: pull-requests: write # For schema check comment. steps: - name: Checkout Repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: lfs: true - env: @@ -53,6 +55,7 @@ jobs: uses: ./.github/actions/setup-tools with: cache: 'true' + github_token: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }} - if: github.event_name == 'pull_request' name: Install Schema Tools uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0 @@ -104,10 +107,6 @@ jobs: sdk/nodejs/package.json sdk/python/pyproject.toml sdk/java/build.gradle - **/mise.lock - **/.config/mise.lock - **/mise.*.lock - **/.config/mise.*.lock - name: Commit SDK changes for Renovate if: failure() && steps.worktreeClean.outcome == 'failure' && contains(github.actor, 'renovate') && github.event_name == @@ -201,7 +200,7 @@ jobs: id-token: write # For ESC secrets. steps: - name: Checkout Repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: lfs: true - env: @@ -222,6 +221,8 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Setup Tools uses: ./.github/actions/setup-tools + with: + github_token: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }} - name: Download Provider Binary uses: ./.github/actions/download-provider - name: Generate SDK @@ -240,10 +241,6 @@ jobs: sdk/nodejs/package.json sdk/python/pyproject.toml sdk/java/build.gradle - **/mise.lock - **/.config/mise.lock - **/mise.*.lock - **/.config/mise.*.lock - name: Commit SDK changes for Renovate if: failure() && steps.worktreeClean.outcome == 'failure' && contains(github.actor, 'renovate') && github.event_name == @@ -329,7 +326,7 @@ jobs: id-token: write # For ESC secrets. steps: - name: Checkout Repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: lfs: true - env: @@ -350,6 +347,8 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Setup Tools uses: ./.github/actions/setup-tools + with: + github_token: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }} - name: Download Provider Binary uses: ./.github/actions/download-provider - name: Download SDK @@ -404,7 +403,7 @@ jobs: id-token: write # For ESC secrets. steps: - name: Checkout Repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: lfs: true - env: @@ -425,6 +424,8 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Setup Tools uses: ./.github/actions/setup-tools + with: + github_token: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }} - name: Clear GitHub Actions Ubuntu runner disk space uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1 with: @@ -435,7 +436,7 @@ jobs: swap-storage: true large-packages: false - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 + uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1 with: aws-access-key-id: ${{ steps.esc-secrets.outputs.AWS_ACCESS_KEY_ID }} aws-region: us-east-2 @@ -475,7 +476,7 @@ jobs: id-token: write # For ESC secrets. steps: - name: Checkout Repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: lfs: true - env: @@ -495,13 +496,15 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Checkout Scripts Repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: path: ci-scripts repository: pulumi/scripts - run: echo "ci-scripts" >> .git/info/exclude - name: Setup Tools uses: ./.github/actions/setup-tools + with: + github_token: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }} - name: Download python SDK uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 with: @@ -555,7 +558,7 @@ jobs: id-token: write # For ESC secrets. steps: - name: Checkout Repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: lfs: true - env: @@ -576,6 +579,8 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Setup Tools uses: ./.github/actions/setup-tools + with: + github_token: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }} - name: Download java SDK uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 with: @@ -603,7 +608,7 @@ jobs: needs: publish_sdk steps: - name: Checkout Repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: lfs: true - id: version @@ -642,7 +647,7 @@ jobs: id-token: write # For ESC secrets. steps: - name: Checkout Repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: lfs: true - env: diff --git a/.github/workflows/release_command.yml b/.github/workflows/release_command.yml index 443b8cb9..21fad2ac 100644 --- a/.github/workflows/release_command.yml +++ b/.github/workflows/release_command.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - env: diff --git a/.github/workflows/run-acceptance-tests.yml b/.github/workflows/run-acceptance-tests.yml index fbc30d1a..f7a5b752 100644 --- a/.github/workflows/run-acceptance-tests.yml +++ b/.github/workflows/run-acceptance-tests.yml @@ -11,7 +11,9 @@ on: workflow_dispatch: {} env: PROVIDER: kubernetes-cert-manager + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget TRAVIS_OS_NAME: linux + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. GOVERSION: "1.21.x" NODEVERSION: "20.x" PYTHONVERSION: "3.11.8" @@ -22,6 +24,7 @@ env: GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci GOOGLE_PROJECT_NUMBER: "637339343727" + PULUMI_PULUMI_ENABLE_JOURNALING: "true" PULUMI_TEST_OWNER: moolumi PR_COMMIT_SHA: ${{ github.event.client_payload.pull_request.head.sha }} jobs: @@ -31,7 +34,7 @@ jobs: name: comment-notification steps: - name: Checkout Repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: lfs: true persist-credentials: false @@ -56,7 +59,7 @@ jobs: pull-requests: write # For schema check comment. steps: - name: Checkout Repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: lfs: true persist-credentials: false @@ -81,6 +84,7 @@ jobs: uses: ./.github/actions/setup-tools with: cache: 'true' + github_token: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }} - if: github.event_name == 'pull_request' name: Install Schema Tools uses: jaxxstorm/action-install-gh-release@6096f2a2bbfee498ced520b6922ac2c06e990ed2 # v2.1.0 @@ -132,10 +136,10 @@ jobs: sdk/nodejs/package.json sdk/python/pyproject.toml sdk/java/build.gradle - **/mise.lock - **/.config/mise.lock - **/mise.*.lock - **/.config/mise.*.lock + # This worktree check is a safeguard against someone forgetting to + # re-build and commit locally, but we handle that commit automatically in + # the case of dependency bumps. + continue-on-error: ${{ contains(github.actor, 'renovate') }} - name: Commit SDK changes for Renovate if: failure() && steps.worktreeClean.outcome == 'failure' && contains(github.actor, 'renovate') && github.event_name == @@ -231,7 +235,7 @@ jobs: id-token: write # For ESC secrets. steps: - name: Checkout Repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: lfs: true persist-credentials: false @@ -254,6 +258,8 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Setup Tools uses: ./.github/actions/setup-tools + with: + github_token: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }} - name: Download provider uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 with: @@ -281,10 +287,6 @@ jobs: sdk/nodejs/package.json sdk/python/pyproject.toml sdk/java/build.gradle - **/mise.lock - **/.config/mise.lock - **/mise.*.lock - **/.config/mise.*.lock - name: Commit SDK changes for Renovate if: failure() && steps.worktreeClean.outcome == 'failure' && contains(github.actor, 'renovate') && github.event_name == @@ -372,7 +374,7 @@ jobs: id-token: write steps: - name: Checkout Repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: lfs: true persist-credentials: false @@ -395,6 +397,8 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Setup Tools uses: ./.github/actions/setup-tools + with: + github_token: ${{ steps.esc-secrets.outputs.PULUMI_BOT_TOKEN }} - name: Download provider uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 with: @@ -461,7 +465,7 @@ jobs: name: sentinel steps: - name: Checkout Repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: lfs: true persist-credentials: false @@ -476,7 +480,7 @@ jobs: name: Fetch secrets from ESC uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - name: Mark workflow as successful - uses: guibranco/github-status-action-v2@0849440ec82c5fa69b2377725b9b7852a3977e76 # v1.1.13 + uses: guibranco/github-status-action-v2@631f55ea0251f0fb284525ad86c30e9f7a8dd284 # v1.1.14 with: authToken: ${{ secrets.GITHUB_TOKEN }} context: Sentinel @@ -496,13 +500,15 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: lfs: true persist-credentials: false ref: ${{ env.PR_COMMIT_SHA }} - name: Setup Tools uses: ./.github/actions/setup-tools + with: + github_token: ${{ secrets.GITHUB_TOKEN }} - name: Disarm go:embed directives to enable linters that compile source code run: git grep -l 'go:embed' -- provider | xargs --no-run-if-empty sed -i 's/go:embed/ goembed/g' diff --git a/.github/workflows/weekly-pulumi-update.yml b/.github/workflows/weekly-pulumi-update.yml index 79ad8dfd..1dd69024 100644 --- a/.github/workflows/weekly-pulumi-update.yml +++ b/.github/workflows/weekly-pulumi-update.yml @@ -8,7 +8,9 @@ on: env: GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} PROVIDER: kubernetes-cert-manager + PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget TRAVIS_OS_NAME: linux + PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. GOVERSION: "1.21.x" NODEVERSION: "20.x" PYTHONVERSION: "3.11.8" @@ -19,6 +21,7 @@ env: GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci GOOGLE_PROJECT_NUMBER: "637339343727" + PULUMI_PULUMI_ENABLE_JOURNALING: "true" PULUMI_TEST_OWNER: moolumi jobs: @@ -27,7 +30,7 @@ jobs: permissions: write-all steps: - name: Checkout Repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: lfs: true - env: @@ -41,6 +44,8 @@ jobs: uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b - name: Setup Tools uses: ./.github/actions/setup-tools + with: + github_token: ${{ secrets.GITHUB_TOKEN }} - name: Update Pulumi/Pulumi id: gomod run: >-